Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (DNS)

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/upexec/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf...

Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rdsatomicfreeop function in the Reliable Datagram Sockets RDS kernel module rds.ko. Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted...

Tenable Security Center

This module collects credentials and setup information from Tenable Security Center. root or TNS user permissions are required. We don't utilize SC's builtin backup functionality as that requires SC to be shut down. The module works in 2 phases: Phase 1: gather all passwords which can be decrypte...

HTTPS Fetch, Windows Command Shell, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Use an established connection Module Options msf use payload/cmd/windows/https/x86/shell/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options...

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/peinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...

Simple

Simple NOP generator Module Options msf use nop/riscv64le/simple msf nopsimple show actions ...actions... msf nopsimple set ACTION msf nopsimple show options ...show and set options... msf nopsimple run This module requires Metasploit: https://metasploit.com/download Current source:...

HTTPS Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...sh...

Apache mod_isapi Dangling Pointer

This module triggers a use-after-free vulnerability in the Apache Software Foundation modisapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally...

MajorDoMo Command Injection

This module exploits a command injection vulnerability in MajorDoMo versions before 0662e5e. Module Options msf use exploit/linux/http/majordomocmdinjectcve202350917 msf exploitmajordomocmdinjectcve202350917 show targets ...targets... msf exploitmajordomocmdinjectcve202350917 set TARGET msf...

TFTP Fetch, Windows x64 Reverse Named Pipe (SMB) Stager

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION msf...

TFTP Fetch, Windows x64 Command Shell, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell Windows x64 staged. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp...

TFTP Fetch, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from a TFTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/tftp/x64/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

2021 Ubuntu Overlayfs LPE

This module exploits a vulnerability in Ubuntu's implementation of overlayfs. The vulnerability is the result of failing to verify the ability of a user to set the attributes in a running executable. Specifically, when Overlayfs sends the set attributes data to the underlying file system via...

Citrix ADC (NetScaler) CVE-2026-3055 Scanner

This module scans for a vulnerability that allows a remote, unauthenticated attacker to leak memory from a target Citrix ADC server configured as a SAML IdP. The leaked memory is then scanned for session cookies which can be hijacked if found. Module Options msf use...

HTTPS Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

GrandStream GXP1600 Gather Credentials

This gather module works against Grandstream GXP1600 series VoIP devices and can collect HTTP, SIP, and TR-069 credentials from a device. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

Jasmin Ransomware Web Server Unauthenticated Directory Traversal

The Jasmin Ransomware web server contains an unauthenticated directory traversal vulnerability within the download functionality. As of April 15, 2024 this was still unpatched, so all versions are vulnerable. The last patch was in 2021, so it will likely not ever be patched. Module Options msf us...

HTTP Fetch, Find Tag Stager

Fetch and execute a x86 payload from an HTTP server. Use an established connection Module Options msf use payload/cmd/linux/http/x86/meterpreter/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

TFTP Fetch, Linux Command Shell, Bind TCP Inline (IPv6)

Fetch and execute a x86 payload from a TFTP server. Listen for a connection over IPv6 and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x86/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf...

TFTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/peinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and se...

TFTP Fetch, Reverse TCP Stager

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...

VMware Workspace ONE Access CVE-2022-22960

This module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. Module Options msf use...

Adi IRC Credential Gatherer

This module searches for credentials stored on AdiIRC Client on a Windows host. Module Options msf use post/windows/gather/credentials/adiirc msf postadiirc show actions ...actions... msf postadiirc set ACTION msf postadiirc show options ...show and set options... msf postadiirc run This module...

HTTPS Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

Supsystic Contact Form Wordpress Plugin SSTI RCE

This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module Options msf use exploit/multi/http/wppluginsupsysticcontactformrce msf exploitwppluginsupsysticcontactformrce show targets ...targets... msf...

HTTPS Fetch, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTPS server. Use an established connection Module Options msf use payload/cmd/windows/https/x86/peinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

HTTP Fetch, Windows Meterpreter Shell, Reverse TCP Inline

Fetch and execute an x86 payload from an HTTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x86/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf...

Tactical RMM Jinja2 SSTI Remote Code Execution

This module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Python code...

JetBrains TeamCity Login Scanner

This module performs login attempts against a JetBrains TeamCity webpage to bruteforce possible credentials. Module Options msf use auxiliary/scanner/teamcity/teamcitylogin msf auxiliaryteamcitylogin show actions ...actions... msf auxiliaryteamcitylogin set ACTION msf auxiliaryteamcitylogin show...

TFTP Fetch, Bind IPv6 TCP Stager (Linux x86)

Fetch and execute a x86 payload from a TFTP server. Listen for an IPv6 connection Linux x86 Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show and...

HTTP Fetch, Linux Chmod

Fetch and execute a x86 payload from an HTTP server. Runs chmod on specified file with specified mode Module Options msf use payload/cmd/linux/http/x86/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf...

HTTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute a x86 payload from an HTTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/http/x86/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...

HTTP Fetch, Bind TCP Stager (Linux x86)

Fetch and execute a x86 payload from an HTTP server. Listen for a connection Linux x86 Module Options msf use payload/cmd/linux/http/x86/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

HTTPS Fetch, Linux Meterpreter Service, Reverse TCP Inline

Fetch and execute an x86 payload from an HTTPS server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/https/x86/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf...

TFTP Fetch, Bind IPv6 TCP Stager with UUID Support (Linux x86)

Fetch and execute a x86 payload from a TFTP server. Listen for an IPv6 connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

HTTPS Fetch, Windows x64 IPv6 Bind TCP Stager with UUID Support

Fetch and execute an x64 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

HTTPS Fetch, Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/linux/https/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

Python Exec, Command Shell, Bind TCP (via python)

Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set...

Powershell Exec, Windows Meterpreter Shell, Reverse HTTP Inline (x64)

Execute an x64 payload from a command via PowerShell. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf...

Powershell Exec, Windows Meterpreter Shell, Reverse TCP Inline (IPv6)

Execute an x86 payload from a command via PowerShell. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...

GitLab GraphQL API User Enumeration

This module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users CVE-2021-4191. The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6.5. Module Options msf use auxiliary/scanner/http/gitlabgraphqluserenum msf...

TFTP Fetch

Fetch and execute a PPC64LE payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/ppc64le/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show...

Flowmon Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Module Options msf use exploit/linux/http/progressflowmonunauthcmdinjection msf exploitprogressflowmonunauthcmdinjection show targets ...targets... msf...

Gibbon School Platform Authenticated PHP Deserialization Vulnerability

A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/importrun.php&type=externalAssessment&step=4. As it...

Authentication Capture: LDAP

This module mocks an LDAP service to capture authentication information of a client trying to authenticate against an LDAP service Module Options msf use auxiliary/server/capture/ldap msf auxiliaryldap show actions ...actions... msf auxiliaryldap set ACTION msf auxiliaryldap show options ...show...

Elasticsearch Enumeration Utility

This module enumerates Elasticsearch instances. It uses the REST API in order to gather information about the server, the cluster, nodes, in the cluster, indices, and pull data from those indices. Module Options msf use auxiliary/gather/elasticsearchenum msf auxiliaryelasticsearchenum show action...

HTTP Fetch, Reverse TCP Stager (IPv6)

Fetch and execute a x86 payload from an HTTP server. Connect back to attacker over IPv6 Module Options msf use payload/cmd/linux/http/x86/meterpreter/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show options...

TFTP Fetch, Windows x64 IPv6 Bind TCP Stager with UUID Support

Fetch and execute an x64 payload from a TFTP server. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

HTTPS Fetch, Windows x64 Reverse Named Pipe (SMB) Stager

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x64/peinject/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION msf...

HTTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x64/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...